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Version: 39.0 


Question: 1 


Which two statements about Network Edge Authentication Technology (NEAT) are true? (Choose 
two.) 


A. It can be configured on both access ports and trunk ports. 

B. It allows you to configure redundant links between authenticator and supplicant switches 
C. It can be configured on both access ports and EtherChannel ports. 

D. It supports port-based authentication on the authenticator switch. 

E. It conflicts with auto-configuration 

F. It requires a standard ACL on the switch port. 


Answer: AD 


Question: 2 


DRAG DROP 


Drag and drop the components of a Teredo IPv6 packet from the left to the correct position in the 
packet on the right 


Answer: 
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Question: 3 


Which option describes the purpose of the RADIUS VAP-ID attribute? 


A. It sets the minimum bandwidth for the connection. 

B. It identifies the VLAN interface to which the client will be associated. 

C. It specifies the WLAN ID of the wireless LAN to which the client belongs. 
D. It sets the maximum bandwidth for the connection. 

E. It specifies the ACL ID to be matches against the client. 

F. It specifies the priority of the client. 


Answer: C 


Question: 4 


DRAG DROP 
Drag each attack type on the left to the matching attack category on the right. 
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Answer: 
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Question: 5 


Which of the following Cisco IPS signature engine has relatively high memory usage? 


A. The STRING-TCP engine 
B. The NORMALIZER engine 
C. The STRING-UDP engine 
D. The STRING-ICMP engine 


Answer: B 
Question: 6 
ASA v9.2 new feature 
A. not possible to point to nullo 
B. support for policy based routing with route-map 
C. backup ASA does ospf neighbor 
Answer: A 


Question: 7 


When you configure ip-port-map http port 8080. What would be the output? 
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A. Exhibit A 
B. Exhibit B 
C. Exhibit C 


Answer: A 


Question: 8 


OSPFv3 mechanism of authentication? (choose two) 


Answer: CD 


Question: 9 


WPA 2 with CCMP encryption? (choose three) 


A. AES Counter Mode is a block cipher that encrypts 128-bit blocks of data at a time with a 128-bit 
encryption key 

B. AES Counter Mode is a block cipher that encrypts 256-bit blocks of data at a time with a 256-bit 
encryption key 

C. it encrypt all traffic from the AP to the host 

D. The CCMP algorithm produces a message integrity code (MIC) that provides data origin 
authentication 
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and data integrity for the wireless frame. 
E. CCMP is also referred to as CBC-IN-MAC. 


Answer: ACD 


Question: 10 


same security level interface inter-traffic communication. 


A. asa support 101 security level and mort than 101 interface (include sub-interface) 
B. ASA can assign different interface to the same security level 

C. by default, same security level port inter-traffic is not allowed 

D. ASA should activate inter-interface communication by default 


Answer: ABC 


Question: 11 


DRAG DROP 
Drag the employee designation to right on role they play. 


employee designation role they play 


Answer: 
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employee designation 


role they play 


There are four major roles involved with the change management process, each with separate and 
distinct responsibilities. In the order of their involvement in a normal change, the roles are: 

e Change initiator: The change initiator is the person who initially perceives the need for the change 
and develops, plans, and executes the steps necessary to meet the initial requirements for a Request 
for Change (RFC). like product manager, network architect, network engineer, service manager, 
security manager or support tier 1,2,3 

e Change manager: Larger organizations require a dedicated change manager who is responsible for 
all changes 

e Updating and communicating change procedures 

e Leading a team to review and accept completed change requests with a focus on higher-risk 
changes 

e Managing and conducting periodic change review meetings 

e Compiling and archiving change requests 

e Auditing network changes to ensure that: 

— Change was recorded correctly with work matching the RFC 

— Change had appropriate risk level 

— Configuration items were updated appropriately 

Documentation was updated appropriately 

e Change communication and notification 

e Managing change postmortems 

e Creating and compiling change management metrics 

e Change advisory board: The change advisory board (CAB) is a body that exists to support the 
authorization of changes and to assist change management in the assessment and prioritization of 
changes. When a CAB is convened, members should be chosen who are capable of ensuring that all 
changes within the scope of the CAB are adequately assessed from both a business and a technical 
viewpoint. 

The CAB may be asked to consider and recommend the adoption or rejection of changes appropriate 
for higher-level authorization and then recommendations will be submitted to the appropriate 
change authority. 

Potential members include: 

Customers 

User managers 

User group representatives 
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Applications developers/maintainers 

Specialists/technical consultants 

Services and operations staff, such as service desk, test management, continuity management, 
security, and capacity 

Facilities/office services staff (where changes may affect moves/accommodation and vice versa) 
Contractors’ or third parties' representatives, in outsourcing situations, for example 

Other parties as applicable to specific circumstances (such as marketing if public products are 
affected). 

e Change implementation team (operations) 
http://www.cisco.com/c/en/us/products/collateral/services/high-availability/white_paper_c11- 
458050 


Question: 12 


DRAG DROP 
Drag from left to right on correct action. 


= = 
= 


Answer: 


Question: 13 
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Two routers are trying to establish an OSPFv3 adjacency over an Ethernet link, but the adjacency is 
not 

forming. Which two options are possible reasons that prevent OSPFv3 to form between these two 
routers? (Choose two.) 


A. mismatch area types 

B. mismatch of subnet masks 

C. mismatch of network types 

D. mismatch of authentication types 
E. mismatch of instance IDs 


Answer: AE 


Question: 14 


The computer at 10.10.10.4 on your network has been infected by a bontnet that directs traffic to a 
malware site at 168.65.201.120 Assuming that filtering will be performed on a Cisco ASA,What 
command can you use to block all current and future connections from the infected host? 


A. ip access-list extended BLOCK_BOT_OUT deny ip any host 10.10.10.4 

B. shun 168.65.201.120 10.10.10.4 6000 80 

C. ip access-list extended BLOCK_BOT_OUT deny ip host 10.10.10.4 host 168.65.201.120 
D. shun 10.10.10.4 68.65.201.120 6000 80 


Answer: B 


Question: 15 


Refer to the exhibit. 


Which effect of this configuration is true? 


A. The MSS of TCP SYN packets is set to 1452 bytes and the IP MTU of the interface is set to 1942 
bytes 

B. The maximum size of TCP SYN+ACK packets passing the transient host is set to 1452 bytes and the 
IP MTU of the interface is set to 1492 bytes 

C. The PMTUD values sets itself to 1452 bytes when the interface MTU is set to 1492 bytes 

D. SYN packets carries 1452 bytes in the payload when the Ethernet MTU of the interface is to 1492 
bytes 
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E. The maximum size of TCP SYN+ACK packets passing the router is set to 452 bytes and the IP MTU 
of the interface is set to 1492 bytes 


Answer: A 


Question: 16 


Refer to the exhibit. 


Which effect of this configuration is true? 


A. It configures the node to generate a link-locak group report when it joins the solicited-node 
multicast group 

B. It enables local group membership for MLDv1 and MLDv2 

C. It enables hosts to send MLD report messages for groups in 224.0.0.0/24 

D. It enables MLD query messages for all link-local groups 

E. It enables the host to send MLD report messages for nonlink local groups 


Answer: C 


Question: 17 


You have configured an ASA firewall in multiple context mode. If the context are sharing an Interface. 
What are two of the actions you could take to classify packets to the appropriate 
Context?(Choose two) 


A. Enable DHCP 

B. Disable MAC auto-generation and adding unique IP addresses to each interface 
C. Enable MAC auto-generation globally 

D. Assign a unique MAC address to each interface 

E. Apply QoS to each interface 


Answer: CD 


Question: 18 


Refer to the exhibit. 
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i 


What is the effect of the given configuration? 


A. It requires the enable password to be authorized by the LOCAL database 

B. It allows users to log in with any user name in the LOCAL database 

C. It enables management authorization for a user-authenticated RADIUS server 

D. Users will be authenticated against the RADIUS servers defined in the adm_net list 
E. It allows SSH connections to console login into the ASA 


Answer: D 


Question: 19 


What feature enables extended secure access form non-secure physical locations? 


A.NEAT 

B.802.1X port-based authentication 
C. port security 

D.storm-control 

E.CBAC 


Answer: A 


Question: 20 


What are the two technologies that support AFT?(Choose two) 


A.NAT-6to 4 
B.NAT-PT 
C.DNAT 
D.NAT64 
E.NAT-PMP 
F.SNAT 


Answer: BD 
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